The diagnosis_control.php page has a tcpdump function that can capture FortiWAN data packets and download the captured packets to the local host for analysis and debugging. A non-administrative authenticated attacker with access privileges can change the HTTP GET parameter UserName to Administrator to download a PCAP file of all packets captured from the FortiWAN device since the tcpdump function was activated.
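The authorization flaw described above, modelled as an added example (not FortiWAN's code): one check trusts the request's UserName parameter, the other takes the role from the server-side session and reports a mismatch as a loggable finding. The session table, account names, function names and the bare request path are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed server-side session table: session id -> (login name, role).
SESSIONS = {
    "sess-admin": ("Administrator", "admin"),
    "sess-mon": ("monitor1", "read-only"),  # hypothetical non-admin account
}

def _username_param(url):
    """Return the UserName query parameter of a request URL, or None."""
    values = parse_qs(urlsplit(url).query).get("UserName")
    return values[0] if values else None

def allow_download_flawed(session_id, url):
    """Model of the flaw: any logged-in session passes, and the privilege
    decision is read from the client-controlled UserName parameter."""
    if session_id not in SESSIONS:
        return False
    return _username_param(url) == "Administrator"

def allow_download_hardened(session_id, url):
    """Role comes from the server-side session only. Returns
    (allowed, finding); finding is a string to log when the request
    claims an identity other than the authenticated one."""
    if session_id not in SESSIONS:
        return False, "no valid session"
    login, role = SESSIONS[session_id]
    claimed = _username_param(url)
    if claimed is not None and claimed != login:
        return False, f"identity mismatch: session={login} claimed={claimed}"
    return role == "admin", None

# Constructed request: only the page name and UserName come from the advisory.
SAMPLE_URL = "/diagnosis_control.php?UserName=Administrator"

if __name__ == "__main__":
    for sid in ("sess-mon", "sess-admin"):
        print(sid, allow_download_flawed(sid, SAMPLE_URL),
              allow_download_hardened(sid, SAMPLE_URL))
```

The mismatch finding doubles as a detection signal: a request to the capture download whose claimed UserName differs from the session's login is worth alerting on even after the check is fixed.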